Install database drivers

After you've downloaded and installed Splunk DB Connect, the first step in the DB Connect setup process is installing a Java Database Connectivity (JDBC) database driver.

The recommended way to install a JDBC driver on a Splunk instance is to install a JDBC driver add-on. After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup.

Install new drivers using JDBC Driver add-ons

DB Connect officially supports connecting to databases using JDBC drivers made available through the following Splunk add-ons for DB Connect using specific databases:

To use a JDBC driver from one of the add-ons, install the add-on by following its installation instructions. DB Connect will automatically use the JDBC driver provided by the add-on.

If not already installed, you can install JDBC Add-ons directly from the DB Connect application during connection setup. In that case, a pop-up window will appear and you will need to follow the installation instructions. After the driver is installed, it takes approximately 10 seconds for it to be available on the system.

For all databases supported by driver add-ons, follow these instructions to install the JDBC driver on a Splunk instance:

  1. Install the JDBC driver add-on for your database, if available.
  2. Reload the driver under Settings>Drivers.

Note: If there is no add-on for your database, please open an idea at http://ideas.splunk.com/IdeasPortal.

Note: Avoid installing the same JDBC driver both in the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory and through a JDBC driver add-on. In that case, the JDBC driver provided by the add-on takes priority over the one in the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.

Note: The Java Runtime Environment (JRE) used by your deployment's JAVA_HOME must match the JRE version of the driver that you are installing.

Note: The list of supported databases should be provided in each JDBC driver add-on.

Upgrading add-on from manual install method

The recommended way to install a JDBC driver on a Splunk instance is to install a JDBC driver add-on. Drivers installed manually can be upgraded to add-on based drivers by using the following procedure:

  1. Remove the appropriate manually installed JDBC driver from the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.
  2. Reload the driver under Settings>Drivers. Check that the driver is shown as deactivated in the drivers list.
  3. Install the appropriate JDBC driver as described in this manual: Install new drivers using DBX Driver add-ons.

Install unsupported drivers (customer managed only)

In addition to the supported databases that Splunk has tested and certified for use with DB Connect, you may also be able to use unsupported JDBC-compatible databases with Splunk DB Connect. You will need to provide the necessary JDBC drivers to add your own database types. You can add custom support to Splunk DB Connect for any database that has a JDBC driver, even if it doesn't appear in the supported database matrix.

Notes:

  • Connecting to a database that is not listed in the supported database matrix is not supported by Splunk Support.
  • At a minimum, Splunk DB Connect supports querying custom database connections. For some custom database connections, certain query-related features may not work.

Installing a custom database is a multi-step process:

  1. Download and install the JDBC driver file.
  2. Add the custom database to db_connection_types.conf.
  3. Troubleshoot or disable connection validation, if necessary.

Download and install the JDBC driver file

Download the JDBC driver for the database you want to add, and copy the .JAR file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).

Add the custom database to db_connection_types.conf

When you add a custom database connection that Splunk DB Connect does not support by default, you must create a stanza to define the database connection in a copy of db_connection_types.conf under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local on Windows hosts), for example:

 [$stanza name$]
 displayName = $your database name$
 serviceClass = com.splunk.dbx2.DefaultDBX2JDBC
 jdbcDriverClass = $JDBC driver class$
 jdbcUrlFormat = $JDBC URI Format$
 ui_default_catalog = $database$

For more information, see Configuration file reference.

Database connection validation

Each time DB Connect uses a database connection, it tries to validate that the database connection is actually working. If validation fails, you might see an error message, such as "ValidateObject failed".

DB Connect uses these two methods to validate a connection:

  1. If a testQuery is specified in db_connection_types.conf, DB Connect executes that query, and receives a response that validates that the connection is working.
  2. If testQuery is not specified, DB Connect uses the Java method connection.isValid(), and relies on the JDBC driver to answer. Some JDBC drivers do not implement this API call. (For instance, Apache Derby was built against Java 1.5, where JDBC doesn't have the method isValid.) The workaround is to specify a manual testQuery, such as SELECT 1.

After you add the custom database driver, continue with either the single server or distributed deployment instructions.

Enable SSL for your database connection

DB Connect has built-in support for connecting via SSL to several supported databases. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.

If you want to deploy DB Connect in Splunk Cloud, you must enable an SSL connection for your database. See the supported database matrix for the databases supported for cloud deployment.

DB Connect detects whether it supports SSL for your database type:

  • If DB Connect supports SSL connections for your database type, enabling an SSL connection is easy. When you create a new database connection, select the Enable SSL checkbox.
  • If DB Connect does not natively support SSL for your database type, you cannot select the Enable SSL checkbox in connection settings; it is greyed out. However, you can add SSL support by selecting Edit JDBC URL and editing the URL. Be aware that Splunk cannot certify that databases for which DB Connect does not have native support for SSL will connect via SSL correctly. Splunk Support will not help you troubleshoot such connections.

One-way SSL authentication can be configured from the UI for MySQL, MSSQL and Oracle databases. While creating a connection, users can supply a certificate, which is automatically added to the Java TrustStore and used for server authentication. If the Enable SSL checkbox is selected but the certificate field is empty, DB Connect ignores it and works as before.

To improve security, some properties have been removed from the default connection properties. The full list of changes follows.

  1. MySQL - {"verifyServerCertificate":"false"}
  2. MS-SQL Server Using MS Generic Driver - {"trustServerCertificate":"true"}
  3. MS-SQL Server Using MS Generic Driver With Windows Authentication - {"trustServerCertificate":"true"}
  4. MS-SQL Server Using MS Generic Driver With Kerberos Authentication - {"trustServerCertificate":"true"}
  5. Oracle - {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA)"}
  6. Oracle Service - {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA)"}
  7. PostgreSQL - {"sslfactory":"org.postgresql.ssl.NonValidatingFactory"}
  8. AWS RedShift - {"verifyServerCertificate":"false"}
  9. AWS RedShift version 2.0 - {"verifyServerCertificate":"false"}
  10. AWS RDS Aurora - {"verifyServerCertificate":"false"}
  11. Hive - {"verifyServerCertificate":"false"}
  12. Spark SQL - {"verifyServerCertificate":"false"}

If you still want to use them, they can be added to connection_properties in the connection definition, or defined in the jdbcUrl.
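
A check for the properties listed above, as an added example that is not part of Splunk's documentation or DB Connect's code: it scans the text of a db_connections.conf or local db_connection_types.conf for those values in connection_properties and in the JDBC URL settings, and also flags any anonymous Oracle cipher suite. The sample stanzas and host names are constructed, and the parser assumes the simple key = value layout shown on this page.

```python
import json
import re

# Property values the page lists as removed from the default connection
# properties; each one turns off server-certificate validation.
INSECURE = {
    "verifyservercertificate": "false",
    "trustservercertificate": "true",
    "sslfactory": "org.postgresql.ssl.nonvalidatingfactory",
}
# Settings named on this page that can carry a JDBC URL.
URL_KEYS = ("jdbcUrl", "jdbcUrlFormat", "jdbcUrlSSLFormat")

# Constructed sample; stanza names and hosts are made up for this example.
SAMPLE_CONF = """\
[prod_mssql]
jdbcUrl = jdbc:sqlserver://db1.example.test:1433;databaseName=master;encrypt=true;trustServerCertificate=true

[prod_pg]
connection_properties = {"sslfactory": "org.postgresql.ssl.NonValidatingFactory"}

[prod_oracle]
connection_properties = {"oracle.net.authentication_services": "(TCPS)", "oracle.net.ssl_cipher_suites": "(SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA)"}

[prod_mysql_ok]
connection_properties = {"verifyServerCertificate": "true"}
jdbcUrl = jdbc:mysql://db2.example.test:3306/app?useSSL=true
"""


def parse_conf(text):
    """Parse Splunk-style .conf text into {stanza: {key: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas


def url_properties(jdbc_url):
    """Return the key=value properties appended to a JDBC URL."""
    props = {}
    for part in re.split(r"[;?&]", jdbc_url)[1:]:
        if "=" in part:
            key, value = part.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def check_property(name, value):
    """Return a reason string if the property weakens TLS, else None."""
    key, val = name.strip().lower(), str(value).strip()
    if INSECURE.get(key) == val.lower():
        return f"{name}={val} disables server certificate validation"
    if key == "oracle.net.ssl_cipher_suites":
        anon = [s.strip() for s in val.strip("()").split(",") if "_anon_" in s.lower()]
        if anon:
            return "anonymous (unauthenticated) cipher suites: " + ", ".join(anon)
    return None


def audit(conf_text):
    """Return (stanza, setting, reason) for every weakened TLS property."""
    findings = []
    for stanza, settings in parse_conf(conf_text).items():
        candidates = []
        raw = settings.get("connection_properties")
        if raw:
            try:
                props = json.loads(raw)
            except json.JSONDecodeError:
                props = None
            if isinstance(props, dict):
                candidates += [("connection_properties", k, v) for k, v in props.items()]
            else:
                findings.append((stanza, "connection_properties", "not a JSON object"))
        for key in URL_KEYS:
            if key in settings:
                candidates += [(key, k, v) for k, v in url_properties(settings[key]).items()]
        for setting, name, value in candidates:
            reason = check_property(name, value)
            if reason:
                findings.append((stanza, setting, reason))
    return findings


if __name__ == "__main__":
    for stanza, setting, reason in audit(SAMPLE_CONF):
        print(f"[{stanza}] {setting}: {reason}")
```

Run it against the local copies of the .conf files after an upgrade to find connections where the removed defaults were re-added by hand.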

Use a different default driver for your database

You can change the driver that DB Connect uses for your database type. This can be useful if you want to use a custom driver to connect to your database. To change the driver, you edit the db_connection_types.conf file.

First, get the JDBC driver vendor's Java driver class name. For example, the class name of the Microsoft JDBC Driver for SQL Server is com.microsoft.sqlserver.jdbc.SQLServerDriver. Once you've found the correct Java class name, do the following:

  1. Using a text editor, open the db_connection_types.conf from within $SPLUNK_HOME/etc/apps/splunk_app_db_connect/default/ (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\default on Windows hosts).
  2. Find the stanza for the database type for which you want to configure a custom driver, select it, and then type Ctrl-C or Command-C to copy it.
  3. Create a new db_connection_types.conf file (if one doesn't already exist) in $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local/ (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\local on Windows hosts). If the file is a new file, open it and type [local] and then two new lines.
  4. Paste in the database stanza you copied from the default db_connection_types.conf file.
  5. Change the entry next to jdbcDriverClass to match the Java class name for your custom driver.
  6. If you want to retain the ability to choose the original database driver, change the name of the stanza and update the displayName attribute to differentiate it from the original driver.
  7. Restart Splunk Enterprise.

Supported databases

Splunk DB Connect supports the databases listed in the following matrix:

  • The driver listed in the JDBC driver name/link column is the driver that Splunk has tested with Splunk DB Connect.
  • DB Connect supports and has been tested with the Java cryptography standard algorithm. If you need a stronger algorithm, you must install the "JCE Unlimited Strength Jurisdiction Policy Files." Legal restrictions may apply in your country. See Java Security Providers and JCE Download pages for details. Consult your database vendor's documentation for configuration instructions.

Supported databases by JDBC Add-Ons

Each JDBC driver add-on states in its documentation which Java and database versions it supports.

| Database Name | JDBC driver Add-on | JDBC driver Add-on Documentation | SSL support* |
|---|---|---|---|
| AWS RDS Aurora | Splunk Add-on for MySQL JDBC | JDBC Add-on for MySQL Documentation | Yes |
| AWS RedShift | Splunk Add-on for Redshift JDBC | JDBC Add-on for Redshift Documentation | Yes |
| MemSql | Splunk Add-on for MySQL JDBC | JDBC Add-on for MySQL Documentation | Yes |
| Oracle Database | Splunk Add-on for Oracle JDBC | JDBC Add-on for Oracle Documentation | Yes |
| MySQL | Splunk Add-on for MySQL JDBC | JDBC Add-on for MySQL Documentation | Yes |
| Postgres | Splunk Add-on for Postgres JDBC | JDBC Add-on for Postgres Documentation | Yes |
| Snowflake | Splunk Add-on for Snowflake JDBC | JDBC Add-on for Snowflake Documentation | Yes |
| Microsoft Sql Server | Splunk Add-on for Microsoft Sql Server JDBC | JDBC Add-on for Microsoft Sql Server Documentation | Yes |
| IBM DB2 | Splunk Add-on for DB2 JDBC | JDBC Add-on for DB2 Documentation | Yes |
| InfluxDB | Splunk Add-on for InfluxDB JDBC | JDBC Add-on for InfluxDB Documentation | Yes |
| MongoDB | Splunk Add-on for MongoDB JDBC | JDBC Add-on for MongoDB Documentation | Yes |

Other supported databases

| Database | Database version | JDBC driver name | JDBC driver version tested | SSL support* | Cloud support** |
|---|---|---|---|---|---|
| AWS RedShift | 1.0.1044 | RedshiftJDBC41-1.2.1.1001.jar (Note: Not compatible with RedshiftJDBC42-1.2.1.1001.jar.) | 1.1 | Yes | No |
| Informix | 12.10.FC5TL | Informix JDBC Driver | 3.0 | Yes | No |
| SAP SQL Anywhere (aka Sybase SA) | 16.0.0.1948 | Sybase jConnect | 7.0 | No | No |
| Sybase ASE | 16.0.02.00.1014 | Sybase jConnect | 7.0 | No | No |
| Sybase IQ | 15.4.1.3019 | Sybase jConnect | 7.0 | No | No |
| Hive | 3.2.4 | Cloudera JDBC Driver / Simba JDBC Driver | 2.6.5 / 2.6.13 | No | No |
| Google BigQuery | | ODBC and JDBC drivers for BigQuery | 1.5.4.1008 | Yes | |
| AWS Athena | | Athena JDBC 3.x Driver | 3.5.0 | Yes | |

* SSL support: This column specifies whether DB Connect tests and supports Secure Sockets Layer (SSL) connections to this database. Though other supported databases may support SSL connections, DB Connect support for SSL means that Splunk has tested SSL for that database type and supports connecting over SSL using DB Connect.

** Cloud support: This column specifies whether the database is supported for Splunk Cloud. You must enable SSL connection if you want to use DB Connect in a Splunk Cloud deployment.

Useful information about drivers configuration

Notes:

  • Your database connection must be set up to return results encoded in UTF-8. Consult your database vendor's documentation for instructions.
  • DB Connect supports sending data that is in a multi-byte character set, such as Traditional Chinese, using a database output. Depending on your database, you may need to change certain settings on the database side so that the database properly receives and stores the data. See Enable output to multi-byte character sets.

IBM DB2

Note: IBM DB2 is only supported when the database is running on Linux. Splunk doesn't test or support DB Connect with DB2 on AS/400 or on Windows.

If you want to use GSS API security mechanisms in IBM DB2, download the Java Cryptography Extension (JCE) Policy files to your $JRE_Installation_Path/jre/lib/security directory and set the encryptionAlgorithm parameter of the JDBC URL as follows:

jdbcUrlFormat = jdbc:db2://<host>:<port>/<database>:securityMechanism=9;encryptionAlgorithm=2;

Follow these instructions to install the DB2 JDBC Driver:

  1. Go to DB2 JDBC Driver Versions and Downloads on the IBM website, and click the link for the latest DB2 Version 10.5 driver.
  2. Click the Download link for the IBM Data Server Driver for JDBC and SQLJ (JCC Driver).
  3. Select the newest fix pack, and then click Continue. You will need to log in with your IBM ID, or create one if you don't already have one.
  4. Click the Download using your browser (HTTPS) radio button, and then Continue.
  5. Right-click the file name, and then save it to your hard disk.
  6. Expand the downloaded file, and then expand the db2_db2driver_for_jdbc_sqlj.zip file.
  7. Copy or move the db2jcc4.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.
  8. Reload the driver under Settings > Drivers.

For additional information, see the Installing and Connecting to Clients documentation on the IBM website.

Hive

We support connecting to Hive using two database drivers: Simba and Cloudera.

For Simba, the procedure involves requesting a trial or purchasing the driver. After you obtain the license, it is sent to you, and you need to follow attached instructions to activate it.

Microsoft SQL Server

You have several options for connecting to a Microsoft SQL Server. Start by determining:

  • Which operating system (Windows or Linux) is running Splunk DB Connect.
  • Which driver you want to use.
  • How your database server authenticates your connection.

Follow this table from left to right, choosing the options that correspond to your Microsoft SQL Server environment. For more information about the meaning of each column, see the legend that follows the table.

| Operating System* | Driver** | Authentication*** | How to configure the connection |
|---|---|---|---|
| Windows | Splunk DBX Add-on for Microsoft SQL Server JDBC | SQL Authentication | Configure SQL Server connection using SQL server authentication |
| Windows | Splunk DBX Add-on for Microsoft SQL Server JDBC | Windows Authentication | Configure SQL Server connection using Windows authentication |
| Windows | Splunk DBX Add-on for Microsoft SQL Server JDBC | Microsoft Entra ID Authentication | Configure Azure SQL Database connection using Microsoft Entra ID Authentication |
| Linux | Splunk DBX Add-on for Microsoft SQL Server JDBC | SQL authentication | Configure SQL Server connection using SQL server authentication |
| Linux | Splunk DBX Add-on for Microsoft SQL Server JDBC | Kerberos authentication | Configure SQL Server connection using Kerberos authentication |
| Linux | Splunk DBX Add-on for Microsoft SQL Server JDBC | Microsoft Entra ID Authentication | Configure Azure SQL Database connection using Microsoft Entra ID Authentication |

Legend

* Operating System: The operating system on which DB Connect is running. DB Connect is supported on both Linux and Windows Server.

** Driver: The JDBC driver that DB Connect will use to connect to your database:

*** Authentication: The type of service account that DB Connect will use to connect to your database:

  • SQL Authentication: Log into SQL Server as a SQL Server user. This option assumes you will create an identity that uses a username and password that is defined on the database.
  • Windows Authentication: Log into SQL Server as a Microsoft Integrated Windows Authentication user ("domain user"). This assumes that you are creating an identity that uses a domain, user name, and password to connect to the database, and that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.
  • Kerberos Authentication: DB Connect uses a Kerberos client (Linux) to negotiate an authentication ticket with the Active Directory environment directly. This assumes that the user you assign to the identity is part of an Active Directory user group that has been set up to log into your SQL Server.

Install the SQL Server database driver using a SQL server authentication

Follow this procedure to log onto your SQL Server database using a SQL Server username and password (non-domain attached):

Install the SQL server database driver

Perform the following steps to install the Microsoft JDBC Driver for SQL Server:

  1. Install the MSSQL JDBC driver add-on.
  2. Reload the driver under Settings>Drivers.

To install the SQL Server database driver in an on-premises Splunk instance, or to install a different version of the SQL Server database driver than the one available via the add-on in a Splunk instance, follow these instructions:

  1. Download the appropriate JDBC driver for SQL Server. For the Microsoft JDBC Driver for SQL Server download the driver from the Microsoft JDBC Driver page.
  2. Move the driver file to the correct location:
    • For the MS Generic Driver, from inside the zip file, copy or move the proper jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
    • If you need to use a database service account on Windows with the Generic driver, you must install the JDBC Auth library:
      1. From the Microsoft JDBC Driver for SQL Server download, unpack, and locate the .dll file. You can find the file at the following path: sqljdbc_<version>\<region_code>\auth\<architecture>\mssql-jdbc_auth-<version>.<architecture>.dll , where <region_code> is the three-letter region code (for example, enu for U.S. English), <architecture> is the processor type (x86 or x64) and <version> is a number matching the JDBC driver from the add-on (minor 12.10 full 12.10.1).
      2. Copy the .dll file to C:\Windows\System32 on your Splunk Enterprise server.
      3. From the Windows Control Panel, go to Services, and get properties on Splunk Service.
      4. Click the Log On tab, and change the Log on as setting from the Local System account to that of the logged on domain user.
        Note: The domain user should have sufficient privileges to access the SQL Server instance.
      5. Save your changes, and restart the Splunk Enterprise server for the changes to take effect.

When you create a connection to this database in DB Connect, you must choose MS-SQL Server Using MS Generic Driver from the Connection Types pop-up menu.

Install the SQL Server database driver using the MS Generic driver with Kerberos authentication

If you're running DB Connect on Linux, you can connect to a Microsoft SQL Server using a Windows domain and user name by enabling Kerberos authentication.

Before starting the following procedure:

  1. See the instructions on how to Install the appropriate JDBC driver for SQL Server
  2. Enable Kerberos on the Microsoft SQL Server.

    Now complete the following steps to enable DB Connect to use Kerberos authentication to connect to your SQL Server database:

    1. First, get the domain name:
      1. Log onto the Windows server that is running your SQL Server database.
      2. At the command line, run systeminfo, and then copy down the domain name (next to the Domain: label).
    2. Next, get the Kerberos Distribution Center (KDC) information:
      1. From the command line, run the following, replacing <domain> with the domain name you copied in the previous step:
        nltest /DSGETDC:<domain>
      2. Copy down the name of the domain controller, which is next to the DC: label. This is the KDC host name.
    3. Back on the machine running DB Connect, use the kinit command to generate a krb5.conf file, which Kerberos will use to authenticate with the SQL Server for DB Connect.
      1. First, install kinit by entering the following at the command line:
        apt-get install krb5-user
        If you are prompted to enter a realm, enter the domain name you obtained in Step 1, but in all upper-case letters. For example, if your domain is abc.dbx, you'd enter ABC.DBX.
      2. Next, use kinit to initialize the Kerberos ticket cache. Enter the following at the command line, replacing <username> with the appropriate user name (such as Administrator) and <DOMAIN> with the domain name, in upper-case letters:
        kinit <username>@<DOMAIN>

        The krb5.conf has been generated in the /etc directory.

        Note: If the krb5.conf file is not in the /etc directory, set the following option in JVM Options under the Settings tab: -Djava.security.krb5.conf=/path/to/krb5.conf

    4. Create an identity in DB Connect.
      1. Select New Identity under Explorer > Identities.
      2. Enter Identity Name, Username, Password, and then click save.
        • Username: Enter the username of your Kerberos account. If you don't select Use Windows Authentication Domain?, you have to append @<DOMAIN> at the end of the username, e.g. Administrator@<DOMAIN>
        • Password and Confirm Password: Enter the password of your Kerberos account.
        • Use Windows Authentication Domain?: If you select it, you have to enter the <DOMAIN> in Windows Authentication Domain field, then you don't have to append @<DOMAIN> at the end of the Username.
        Note: You can add multiple identities if you need to use different users for Kerberos authentication.
    5. Create a new connection in DB Connect as you normally would, keeping in mind the following:
      • Database Types: Be sure to choose MS-SQL Server Using MS Generic Driver with Kerberos Authentication from the popup menu.
      • JDBC URL Format: Once you've entered all the necessary connection information, add the following to the JDBC URL string to enable DB Connect to use the Kerberos authentication you just set up:
        • integratedSecurity=true
        • authenticationScheme=javaKerberos

      After you're finished, the field should contain the following:

      jdbc:sqlserver://<host>:<port>;databaseName=<database>;selectMethod=cursor;integratedSecurity=true;authenticationScheme=javaKerberos

Note: To debug Kerberos authentication, set the following option in JVM Options under the Settings tab: -Dsun.security.krb5.debug=true

Configure Azure SQL Database connection using Microsoft Entra ID Authentication

Currently, Splunk DB Connect supports connections to Azure SQL Database with Microsoft Entra ID Authentication using the Splunk DBX Add-on for Microsoft SQL Server JDBC, which includes the Microsoft Authentication Library for Java (MSAL4J).

When creating a connection, select the connection type named Azure SQL Database Using Microsoft Entra Password Authentication.

For more details about how to configure Microsoft Entra Authentication for Azure SQL Database, follow the official guide: Microsoft Entra server principals.

Multiple SQL Server instances

If you have multiple instances of Microsoft SQL Server installed on your server, you will need to edit the JDBC connection string to add a parameter that explicitly references the instance you want to contact.

  1. Follow the instructions in "Override db_connection_types.conf" to make a copy of the db_connection_types.conf file in the local directory and copy the stanza for the Microsoft SQL Server driver you're using into the file.
  2. Edit the jdbcUrlFormat or jdbcUrlSSLFormat (if you're connecting using SSL) setting by appending the following to it: ;instanceName=
  3. Set the instanceName parameter to the name of the instance you want to connect to. For example:
    jdbc:sqlserver://dbx-sqlserver.mydomain.com:1433;databaseName=master;instanceName=test
  4. Save and close the file, and then reload the driver under Settings>Drivers.

After you add the database driver, continue with either the single server or distributed deployment instructions. You will be able to verify whether the database driver was installed successfully during DB Connect setup. If you've already set up DB Connect and are adding a new database, click Settings in the top navigation bar and then the Driver tab to view the driver status. If you have trouble, see "Troubleshoot driver connections."

Sybase ASE, SAP/Sybase SA, and SAP/Sybase IQ

Follow these instructions to download and install the jConnect for JDBC driver for Sybase Adaptive Server Enterprise (ASE), SAP/Sybase SQL Anywhere, and SAP/Sybase IQ:

  1. Go to the SAP software downloads page and log in.
  2. Search for and download the jConnect package.
  3. Expand the file you just downloaded and locate the jconn4.jar file inside the classes directory.
  4. Copy or move the jconn4.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts).
  5. Reload the driver under Settings>Drivers.

Spark SQL

  1. Copy the SparkJDBC41.jar file to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers and the other .jar files to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/SparkJDBC41-libs.
  2. Copy your Spark JDBC driver license file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory.
  3. Save and restart RPC server under Settings > General Settings.

Teradata

Follow these instructions to install the Teradata JDBC Driver:

  1. Go to the Teradata JDBC Driver page on the Teradata website.
  2. Click the link to download the ZIP or TAR file for the latest version of the driver. You need to log in with your Teradata user account.
  3. Expand the file you just downloaded.
  4. From inside the TeraJDBC_... directory, copy or move the two .JAR files: terajdbc4.jar to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory, and tdgssconfig.jar (only if Teradata JDBC Driver < 16.20.00.11) to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/terajdbc4-libs directory.
  5. Reload the driver under Settings > Drivers.

For more information, including how to use the tdgssconfig.jar file, see the readme.txt file inside the TeraJDBC_... directory, or the Teradata JDBC Driver Reference.

Oracle

Follow these instructions to install the Oracle JDBC Driver in a Splunk instance:

  1. Install the Oracle JDBC driver add-on.
  2. Reload the driver under Settings > Drivers.

To install a different version of the Oracle JDBC driver than the one available via the add-on in a Splunk instance, follow these instructions:

  1. Go to the Oracle JDBC Driver Downloads page.
  2. After you have downloaded the correct driver for your database, copy the .JAR driver file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts). If you want to use ojdbc7 to parse the XML data type, add xmlparserv2.jar as a dependency.
  3. Reload the driver under Settings > Drivers.
Note: For users of Oracle 11g, the SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_RC4_128_MD5, and SSL_DH_anon_WITH_DES_CBC_SHA cipher suites are deactivated by default in Java 8. To allow these cipher suites, see the Test or Revert changes to Oracle's JDK and JRE Cryptographic Algorithms section of the Java documentation.

Connect to Oracle using SSL

You can connect to an Oracle database using Secure Sockets Layer (SSL) 3.0 (TLS) in three ways:

  • Without using SSL authentication: Neither client (DB Connect) nor server verifies each other's certificate authority (CA).
  • Using one-way SSL authentication: The client verifies the server's CA.
  • Using two-way SSL authentication: Both client and server verify each other's CA.

If you are using one-way or two-way authentication, you will need to have set up an Oracle wallet on the server. Oracle wallets store credentials for connecting to Oracle databases. An Oracle wallet is not required on the client if you're not using SSL authentication.

The basic steps for setting up one of these SSL connections are:

  1. Configure Oracle wallets:
    1. Create and configure a server wallet.
    2. Create and configure a client wallet.
    3. Enable the auto-login feature.
  2. Enable SSL and configure settings on the Oracle database server:
    1. Set the server's auto-login Oracle wallet location in the sqlnet.ora and listener.ora files.
  3. Configure DB Connect:
    1. Copy JDBC drivers to the appropriate DB Connect directory.
    2. Create a database connection using the correct JDBC URL.
    3. Specify the wallet location in your connection's stanza within the db_connections.conf file or add a connection property from the user interface. The property name should be oracle.net.wallet_location and the value should point to the wallet directory.

Configure Oracle wallets

First, create and configure standard wallets for both the server and client using Oracle Wallet Manager, and enable the auto-login feature. Do one of the following:

Make a note of the location of your Oracle wallets, particularly if you changed the default location.

After following the appropriate set of Oracle instructions, you will have created your Oracle wallets, imported the appropriate certificates into your wallets, and set the auto-login feature for your wallets. Be sure that, if you are setting up either one-way or two-way authentication, you have a wallet on both the DB Connect machine and the Oracle server. The DB Connect machine's wallet should contain the server wallet's CA.

Note: Splunk DB Connect does not have any built-in functionality to help configure Oracle Wallet. Oracle Wallet configuration relies on the capabilities of the JDBC driver and on Oracle Database support.

Enable SSL and configure settings on the Oracle database server

Next, enable and configure SSL on the Oracle database server by adding the path to your server wallet to the sqlnet.ora and listener.ora files:

  1. On your Oracle database server, navigate to the .../network/admin directory. For example: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin
  2. Edit the sqlnet.ora file and add the following, changing the DIRECTORY path to the path to the server wallet:
    WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/server/wallet/path/))) 
  3. In the same file, set SSL_CLIENT_AUTHENTICATION to FALSE if you're either connecting with no SSL authentication or with one-way SSL authentication. Set SSL_CLIENT_AUTHENTICATION to TRUE if you're connecting with two-way SSL authentication. For more information, see Configuring Secure Sockets Layer Authentication in the Oracle Database Advanced Security Administrator's Guide.
  4. In the same directory, edit the listener.ora file. Add the same wallet location and set SSL_CLIENT_AUTHENTICATION in the same way.
  5. Save and close both files.

Set up the SSL connection using a cipher suite:

  • For no SSL authentication, use an anonymous Diffie-Hellman key exchange.
  • For one-way or two-way SSL authentication, use a cipher suite like RSA or standard DH.

Configure DB Connect and enable an SSL connection on the client

Now, configure DB Connect. Start by copying the JDBC drivers to the appropriate DB Connect directory:

  1. On the Oracle server, navigate to $ORACLE_HOME/jlib.
  2. Using your network or removable media, copy the ojdbc6.jar file to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers on Windows hosts) on the machine running DB Connect. Then copy the following .jar files to the $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/ojdbc6-libs directory (%SPLUNK_HOME%\etc\apps\splunk_app_db_connect\drivers\ojdbc6-libs on Windows hosts):
    • oraclepki.jar
    • ojpse.jar
    • osdt_cert.jar
    • osdt_core.jar

(Optional) Connect to Oracle RDS over SSL

Use the following steps to connect to Oracle RDS over SSL.

  1. Open a command line window, and enter the following commands:
    openssl x509 -outform der -in rds-ca-2019-root.pem -out rds-ca-2019-root.der
    keytool -import -alias rds-root -keystore keystore/default.jks -file rds-ca-2019-root.der
    keytool -list -v -keystore keystore/default.jks

  2. Navigate to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/default, and make a copy of db_connection_types.conf.

  3. Navigate to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local, and paste the copy of db_connection_types.conf.

  4. In $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local, open db_connection_types.conf using a text editor.

  5. For every connection type that you use, add or replace the following parameter:
    connection_properties = {"javax.net.ssl.trustStore": "<path>/splunk_app_db_connect/keystore/default.jks", "javax.net.ssl.trustStoreType": "JKS", "javax.net.ssl.trustStorePassword": "changeme"}
  6. Restart your Splunk platform instance.

Next, set up a new identity, and then a new connection:

  1. Follow the instructions in Create and manage database connections to set up a new connection.
  2. Use your server information to set up the connection, and be sure to select the Enable SSL checkbox.
  3. When you get to the JDBC URL Format field, click the "Click here" link beneath the field to edit the JDBC URL.
  4. In the JDBC URL Format field, paste the following:
    jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=tcps)(HOST=servername)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=servicename)))
  5. Save the connection.
  6. Go to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/local, and edit the db_connections.conf file.
  7. Find the connection stanza with the name you gave it, and edit the connection_properties argument.
    Here is an example:
    connection_properties = {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}
    Note: connection_properties is in JSON format and represents JDBC connection properties. The properties you define here must be consistent with what you configured in the database. See JDBC with Oracle 12c Database for more information.
  8. Save and close the db_connections.conf file.
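
The connection_properties values shown in the two procedures above can be checked before you restart Splunk. The following Python script is an added example, not part of DB Connect or the original page: it reads db_connections.conf-style stanzas and reports invalid JSON, anonymous or legacy cipher suites, and the example truststore password changeme. The sample stanzas and the WEAK_MARKERS list are assumptions made for this example.

```python
import configparser
import json

# Constructed sample of local/db_connections.conf (stanza names and paths are made up).
SAMPLE_CONF = """
[oracle_anon]
connection_properties = {"oracle.net.authentication_services":"(TCPS)","oracle.net.ssl_cipher_suites":"SSL_DH_anon_WITH_3DES_EDE_CBC_SHA"}
[oracle_rds]
connection_properties = {"javax.net.ssl.trustStore": "/opt/splunk/etc/apps/splunk_app_db_connect/keystore/default.jks", "javax.net.ssl.trustStoreType": "JKS", "javax.net.ssl.trustStorePassword": "changeme"}
[oracle_wallet]
connection_properties = {"oracle.net.wallet_location": "/opt/wallets/dbx", "oracle.net.ssl_cipher_suites": "(TLS_RSA_WITH_AES_256_CBC_SHA)"}
[broken]
connection_properties = {"oracle.net.wallet_location": "/opt/wallets/dbx"
"""

WEAK_MARKERS = ("3DES", "RC4", "_DES_", "NULL")  # assumption: substrings treated as legacy

def audit_properties(raw):
    """Return findings for one connection_properties JSON string."""
    try:
        props = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(props, dict):
        return ["not a JSON object"]
    findings = []
    suites = str(props.get("oracle.net.ssl_cipher_suites", ""))
    for suite in filter(None, (s.strip() for s in suites.strip("()").split(","))):
        if "_anon_" in suite:
            findings.append(f"{suite}: anonymous key exchange, server is not authenticated")
        if any(marker in suite for marker in WEAK_MARKERS):
            findings.append(f"{suite}: legacy cipher")
    if props.get("javax.net.ssl.trustStorePassword") == "changeme":
        findings.append("trustStorePassword is the documentation default 'changeme'")
    return findings

def audit_conf(text):
    """Map each stanza that has connection_properties to its list of findings."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    return {name: audit_properties(sec["connection_properties"])
            for name, sec in parser.items() if "connection_properties" in sec}

if __name__ == "__main__":
    for stanza, findings in audit_conf(SAMPLE_CONF).items():
        print(stanza, "OK" if not findings else findings)
```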

Google BigQuery

When creating a new connection, select the Google BigQuery Using Simba JDBC Driver connection type. This preconfigured connection is ready to use with Google Service Account authentication. Note that the identity field is optional; you can leave it blank.

Configure the JDBC Driver

  1. Download the JDBC driver from ODBC and JDBC drivers for BigQuery.
  2. Extract the contents of the .zip.
  3. Copy GoogleBigQueryJDBC42.jar to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers.
  4. Create a directory with name GoogleBigQueryJDBC42-libs under $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers.
  5. Copy the other files to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers/GoogleBigQueryJDBC42-libs.
  6. Restart Splunk.

Snowflake authentication with a Programmatic Access Token (PAT)

Perform the following steps to configure a Snowflake connection in Splunk DB Connect using a PAT. For more information, see Configuring the JDBC Driver > Authenticating with a programmatic access token (https://docs.snowflake.com/en/developer-guide/jdbc/jdbc-configure).

  1. In Snowflake, create a PAT in Admin > User & Roles > (Select a specific user) > Programmatic Access Tokens > Generate new token.

  2. Make sure a network policy is associated with the user.

  3. Go to Splunk DB Connect and add the token as a password for the Snowflake identity.
    Warning: After the token expires the connectivity to Snowflake is lost.

Configure Snowflake OAuth for Splunk DB Connect

Since version 4.1.0, Splunk DB Connect allows connecting to Snowflake using OAuth 2.0 with the Authorization Code flow.

Create the Snowflake Security Integration

This section describes how to enable OAuth with Authorization Code flow on the Snowflake side. For more information, see Configure Snowflake OAuth for custom clients.

USE ROLE ACCOUNTADMIN;

CREATE SECURITY INTEGRATION DBX_INTERNAL_OAUTH_INTEGRATION
TYPE = OAUTH
OAUTH_CLIENT = CUSTOM
OAUTH_CLIENT_TYPE = 'PUBLIC'
OAUTH_REDIRECT_URI = '<http|https>://<splunk-host>:<splunk-port>/en-GB/app/splunk_app_db_connect/configuration'
ENABLED = TRUE
OAUTH_ISSUE_REFRESH_TOKENS = TRUE
OAUTH_ALLOW_NON_TLS_REDIRECT_URI = TRUE;

Make sure OAUTH_ISSUE_REFRESH_TOKENS is set to TRUE, because Splunk DB Connect uses the refresh token to get a new access token before the current one expires, which is critical for running data ingestion without disruption.

Make sure you set OAUTH_REDIRECT_URI properly. It has to follow this pattern: <http|https>://<splunk-host>:<splunk-port>/<lang>/app/splunk_app_db_connect/configuration. If there is a mistake, you get an error from the Snowflake side.

If you use http in the OAUTH_REDIRECT_URI, you must set OAUTH_ALLOW_NON_TLS_REDIRECT_URI to TRUE.
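
The redirect URI rules above can be checked before the statement is sent to Snowflake. The following Python script is an added example, not Splunk or Snowflake code: it validates a candidate OAUTH_REDIRECT_URI against the pattern and renders the CREATE SECURITY INTEGRATION statement from this section with OAUTH_ALLOW_NON_TLS_REDIRECT_URI included only for http. The host names and port are constructed, and the two-letter locale format for <lang> is an assumption.

```python
import re
from urllib.parse import urlsplit

# Assumption: <lang> is a Splunk Web locale such as en-GB or en-US.
PATH_RE = re.compile(r"/[A-Za-z]{2}(-[A-Za-z]{2})?/app/splunk_app_db_connect/configuration")

def check_redirect_uri(uri):
    """Return (problems, needs_non_tls_flag) for a candidate OAUTH_REDIRECT_URI."""
    if not re.fullmatch(r"[A-Za-z0-9:/._-]+", uri):
        return ["unexpected characters (quotes, spaces, query string or fragment)"], False
    problems = []
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    if not parts.hostname:
        problems.append("missing <splunk-host>")
    try:
        if parts.port is None:
            problems.append("missing explicit <splunk-port>")
    except ValueError:  # raised by urlsplit for non-numeric or out-of-range ports
        problems.append("<splunk-port> is not a valid port number")
    if not PATH_RE.fullmatch(parts.path):
        problems.append("path must be /<lang>/app/splunk_app_db_connect/configuration")
    return problems, parts.scheme == "http"

def integration_sql(name, uri):
    """Render the section's CREATE statement; add the non-TLS flag only for http."""
    problems, non_tls = check_redirect_uri(uri)
    if problems or not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_$]*", name):
        raise ValueError(problems or ["invalid integration name"])
    lines = [f"CREATE SECURITY INTEGRATION {name}", "TYPE = OAUTH",
             "OAUTH_CLIENT = CUSTOM", "OAUTH_CLIENT_TYPE = 'PUBLIC'",
             f"OAUTH_REDIRECT_URI = '{uri}'", "ENABLED = TRUE",
             "OAUTH_ISSUE_REFRESH_TOKENS = TRUE"]
    if non_tls:
        lines.append("OAUTH_ALLOW_NON_TLS_REDIRECT_URI = TRUE")
    return "\n".join(lines) + ";"

if __name__ == "__main__":
    # Constructed candidates: one valid https URI, one missing the port and locale.
    for uri in ("https://splunk.example.com:8000/en-GB/app/splunk_app_db_connect/configuration",
                "http://splunk.example.com/app/splunk_app_db_connect/configuration"):
        print(uri, check_redirect_uri(uri))
```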

Review the Security Integration

Use DESC SECURITY INTEGRATION <security-integration-name>;

Modify the Security Integration

Use ALTER SECURITY INTEGRATION IF EXISTS <security-integration-name> SET <attribute-name>=<attribute-value>; to modify any attribute for the security integration.

Retrieve the Client ID and Client Secret

Use SELECT SYSTEM$SHOW_OAUTH_CLIENT_SECRETS('<security-integration-name>'); to retrieve the client ID and client secret. You need this information to set up the integration on the Splunk DB Connect side.

Configure a Snowflake connection in Splunk DB Connect

This section describes how to use the OAuth Security Integration defined in this guide to establish a connection to Snowflake from Splunk DB Connect.

Create an identity using OAuth Provider type

  1. Go to Splunk DB Connect > Configuration > Databases > Identities, and from the New Identity menu, select the OAuth Provider.

  2. In the Provider selector, choose Snowflake.

  3. In the Account URL, set https://<account-identifier>.snowflakecomputing.com.

  4. Provide the Client ID and Client Secret. See Retrieve the Client ID and Client Secret.

  5. Click Save. You are redirected to the Snowflake OAuth authorization pages.

Create a connection using Snowflake Using OAuth Authorization Code type

  1. Go to Splunk DB Connect > Configuration > Databases > Connections and click New Connection.

  2. In the Connection Type selector, choose Snowflake Using OAuth Authorization Code.

  3. In the Identity selector, choose an identity of type OAuth Provider.

  4. Complete other fields and click Save.

AWS Athena

Amazon Athena is a powerful query service that enables you to analyze data stored in Amazon S3. It supports querying data in multiple formats, making it a versatile tool for data analysis. Furthermore, Athena can serve as a bridge for ingesting data from other AWS services, as these services can be configured to store various types of data in S3.

When creating a new connection, select the AWS Athena connection type. This preconfigured connection supports authentication using AWS IAM credentials (Access Key and Secret Key), allowing secure access to Amazon Athena through the JDBC driver.

Configure the JDBC Driver

  1. Download the JDBC driver from Athena JDBC 3.x Driver. Use the Uber JAR, as it includes all necessary dependencies bundled into a single file.

  2. Copy the JAR file to $SPLUNK_HOME/etc/apps/splunk_app_db_connect/drivers.

  3. Restart Splunk.

Configure the Connection

  1. Select the AWS Athena connection type.
  2. Create a new IAM user in AWS Identity and Access Management (IAM). Ensure the user is assigned the following policies:
    1. AmazonAthenaFullAccess

    2. AmazonS3FullAccess

  3. Configure an identity in Splunk DB Connect:
    1. Use the IAM Access Key as the username.

    2. Use the IAM Secret Key as the password.

  4. The JDBC driver automatically handles Host. You can enter any placeholder value, such as Ignored.
  5. Splunk DB Connect requires Database, but it's optional for AWS Athena. Enter a placeholder or meaningful value, such as Ignored.
  6. OutputLocation specifies the S3 bucket where Athena stores query results. Use the S3 URI, including the s3:// prefix.

Once you complete these steps, you can query and ingest data from AWS Athena using Splunk DB Connect.

Snowflake authentication mechanisms

This guide describes the Snowflake authentication mechanisms (https://docs.snowflake.com/en/guides-overview-secure) and their support by the Snowflake JDBC Driver and Splunk DB Connect.

Password-based authentication

You can configure password-based authentication by using DB Connect identities or by adding user and password as a connection property.

Application | Supported
Snowflake JDBC Driver | Yes
Splunk DB Connect | Yes

Single sign-on (SSO) / OAuth

When you use SSO, manual interaction is required, making it unsuitable for automated tasks. However, you can achieve integration by combining SSO with OAuth, which involves implementing logic to refresh tokens as needed. Keep in mind that refresh tokens can also expire; if Splunk DB Connect remains inactive for an extended period, it may be unable to obtain new tokens.

Application | Supported
Snowflake JDBC Driver | Yes
Splunk DB Connect | No

Key pair authentication

Currently you can configure Key-Pair authentication within the JDBC Connection String by specifying the private_key_file and private_key_pwd.

Connection Property | Description
private_key_file | Path to the private key, in the PKCS#8 format
private_key_pwd | Passphrase used to decrypt the private key

Optionally you can specify private_key_base64 instead of private_key_file. See JDBC Driver connection parameter reference.

Currently DB Connect does not support the use of the privateKey connection property.

Application | Supported
Snowflake JDBC Driver | Yes
Splunk DB Connect | Yes

References

Using multi-factor authentication

MFA

MFA uses Duo security services. You must be enrolled in MFA and set a passcode in the JDBC Connection String. For automated tasks, this does not work when passcodes expire. After some time, the application loses its connection to Snowflake, and you must manually provide a new passcode.

Application | Supported
Snowflake JDBC Driver | Yes
Splunk DB Connect | No

References

Using multi-factor authentication